An identification method is known that is implemented by means of a database putting a biometric characteristic of each user into association with personal data of the user. A dishonest person having access to the database would then have access to all of the information needed for that user to usurp the identity of an authorized user. The correspondence between the biometric characteristic and the personal data also goes against the confidentiality that is normally associated with implementing a database suitable for identifying all of the users of a service or an application.
An authentication method is also known from document EP-A-1 126 419 that is implemented by means of a memory and that makes it possible to prevent a third party who gains access to that memory from being able to use the information it contains in order to falsify authentication. The memory contains a modified biometric characteristic obtained by implementing a combination of modifications on a fingerprint of the user, each modification being identified by a respective code, and where such modifications are constituted, for example, by geometrical transformations associated with the addition of decoys. The combination of these codes forms the authentication code. The method comprises the steps of reading the fingerprint from the user and applying thereto all possible modifications, with the resulting modified biometric characteristic then being compared after each modification or combination of modifications with the modified biometric characteristic that has been stored in memory. A match between stored and resulting modified biometric characteristics makes it possible to deduce the code for the combination of modifications that have been implemented, which code constitutes the authentication code. Thus, mere access to the memory does not give a dishonest user the ability to discover a user's fingerprint, nor the corresponding authentication.
Such a method is difficult to transpose to identifying users from a database containing the biometric characteristics and the personal data of a plurality of users. That would require implementing all possible modifications on the user's fingerprint and comparing the results obtained with each of the modified transformed biometric characteristics in the database. That would lead to an operation that is particularly lengthy and greedy for computer resources. Unless particularly large computer resources are available, the method is therefore increasingly less usable with a database as the number of users referenced in that database increases.
It would therefore be advantageous to have a method that avoids these drawbacks of the above-mentioned method.